1. Field of the Invention
The present invention relates generally to systems and methods for providing a verifiable chain of evidence and security for the transfer and retrieval of electronic documents and other information objects in digital formats.
2. Description of the Background
The evolution of methods of commerce is evident in the increasing replacement of paper-based communications with electronic communications. With paper based documents the traditionally accepted methods of verifying the identity of a document's originator or executor for legal purposes include an original, blue-ink signature, the physical presence of the signor and/or a personal witness or Notary Public acknowledgment. When documents are prepared and communicated electronically such as by e-mail, facsimile machine or electronic data interchange the traditionally accepted methods are not possible as there no longer exists an original hand written signature or notary's raised seal to authenticate the identity of a party to a transaction. Further, unlike the words of a document that are largely fixed on a page in a human readable format, the content of an electronically prepared, communicated and executed document are stored in a machine readable format that is more prone to alteration and tampering after execution.
To address these problems with electronic documents, a third-party operated Trusted Repository System (TRS) has been described that provides the needed security and protection of electronic documents and veracity of signatures. The system advantageously utilizes an asymmetric cryptographic system that help to ensure that a party originating or executing an electronic document is identifiable as such and that protects the integrity of electronically stored documents and other information objects during and after execution. This system is one aspect of the methods and apparatus for secure transmission, storage, and retrieval of information objects that are described in U.S. Pat. Nos. 5,615,268, 5,748,738, 6,237,096, 6,367,013 and 7,020,645 to Bisbee et al. which are expressly incorporated herein by reference.
As an initial matter, it will be helpful to understand the following terminology that is common in the field of secure electronic commerce and communications:                Public key cryptography (PKC) is a cryptographic technique that uses a pair of “keys,” one public and one private, that are associated with a specific individual. The private key is maintained in secret by the individual. The public key is published for anyone to use for encrypting information intended for the individual. Only the holder of the paired private key can decrypt and access information encrypted with the public key. Conversely, the holder of an individuals public key can decrypt and access information encrypted by the individual's private key. The encrypt and decrypt functions of the two keys are truly “one-way,” meaning that it is not possible to determine a private key from the corresponding public key, and vice-versa, due to the fact that it is currently computationally easy for a computer to identify large prime numbers but extremely difficult for a computer to factor the product of two such large prime numbers.        The one-way characteristic of a PKC system also enables a private key holder to “digitally sign” an electronic document by creating a “hash” of the document itself and then encrypting the hash with the private key and appending the encrypted hash (now referred to as a digital signature) to the original document. The hash is produced by applying an algorithm to the document to be digitally signed, the results of which correspond directly to the document so that the slightest change in the document itself will result in a change in the hash. On receipt, a public key holder can verify a signature by decrypting the hash and comparing the decrypted hash to a newly computed hash of the document. If the two hashes match the recipient can be assured that the signer was in possession of the private (secret) key and is thus presumably whom they purport to be. Comparison of the newly computed hash to the decrypted hash also verifies that the document itself has not been altered since it was signed. If the new hash matches the original hash decrypted with the public key then the recipient can be assured that the document itself has not been altered as even the slightest change in the document itself will result in the two hashes not matching. Example PKC algorithms that comply with government and/or commercial standards include the digital signature algorithm (DSA/RSA) and secure hash algorithm (SHA-1/MD5).        Various aspects of public-key cryptographic (PKC) systems are described in the literature, including R. L. Rivest et al., “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Communications of the ACM vol. 21, pp. 120 126 (February 1978); M. E. Hellman, “The Mathematics of Public-Key Cryptography”, Scientific American, vol. 234, no. 8, pp. 146 152, 154 157 (August 1979); and W. Diffie, “The First Ten Years of Public-Key Cryptography”, Proceedings of the IEEE, vol. 76, pp. 560 577 (May 1988), each of which are incorporated herein by reference. It can also be noted that a PKC system's strength, i.e., the computational effort needed to break the encryption, depends to a great extent on the length of the key, as described in C. E. Shannon, “Communication Theory of Secrecy Systems”, Bell Sys. Tech. J. vol. 28, pp. 656 715 (October 1949) which is also incorporated herein by reference.        A “digital signature” is a cryptographically created data element that is logically associated with, applied or otherwise appended to an electronic document with the intent of the creator to indicate their assent to the information contained in the document or their willingness to be otherwise bound by the terms or conditions recited in the electronic document. As described, a digital signature is typically created by “hashing” an electronic document and encrypting the resulting hash (integrity block) using the signor's private (secret) key and thereafter appended to the electronic document.        A “holographic signature” is a digitization of a handwritten or mechanical signature that has been electronically captured, e.g., by using a stylus, touchpad/touch screen or scanner, to create a bit image of the handwritten signature that is logically associated with, applied or appended to an electronic document with the intent of the creator to indicate their assent to the information contained in the document or their willingness to be otherwise bound by the terms or conditions recited in the electronic document. Common digitized signature file formats include, without limitation, .TIFF, .GIF, .JPEG and .BMP files.        A “voice signature” is a digitized audio recording of an individual's spoken statement that is logically associated with, applied or appended to an electronic document with the intent of the creator to indicate their assent to the information contained in the document or their willingness to be otherwise bound by the terms or conditions recited in the electronic document. Common audio file formats include, without limitation, .acc, .aif, .iff, .mp3, .mpa, .ra, .wav and .wma files.        A “video signature” is a digitized video recording of an individual's image and spoken statement that is logically associated with, applied or appended to an electronic document with the intent of the creator to indicate their assent to the information contained in the document or their willingness to be otherwise bound by the terms or conditions recited in the electronic document. Common video file formats include, without limitation: .3g2, .3gp, .asf, .asx, .avi, .flv, .mov, .mp4, .mpg, .rm, .swf, .vob and .wmv files.        A “biometric signature” is a digitally captured representation of a physical characteristic that uniquely identifies an individual, such as a finger print, facial scan or retinal scan, which is logically associated with, applied or appended to an electronic document with the intent of the creator to indicate their assent to the information contained in the document or their willingness to be otherwise bound by the terms or conditions recited in the electronic document. Common biometric file formats include, without limitation, XCBF and CBEFF files. An implanted “radio tag” or “microchip” may in the future be used in the identification and signature process.        A “mechanical signature” is any text, character(s), symbol(s), stamp(s), Hanko(s), seal(s) or image(s) executed or adopted by an individual that is logically associated with, applied or appended to an electronic document with the intent of the creator to indicate their assent to the information contained in the document or their willingness to be otherwise bound by the terms or conditions recited in the electronic document.        An “electronic signature” is any one of the mechanical, holographic, digital, voice, video or biometric signatures, or such other electronic sound, symbol, picture, or process that is logically associated, applied or attached to an electronic document with the intent or commitment of the signer to sign or otherwise be bound by the terms of the electronic document. Electronic signatures may contain additional information about the signer (e.g. name, email address etc.) and the signing event (e.g. reason, date and time, place etc.).        An “authentication certificate” is an unforgeable data element that binds an individual's public key to the individual's identity information and that advantageously, but not necessarily, conforms to the international standard X.509 version 3, “The Directory-Authentication Framework 1988”, promulgated by the International Telecommunications Union (ITU). Authentication certificates are issued by a Certificate Authority (CA) that is a known entity and is responsible for ensuring the unique identification of all of its users and both source and content integrity of the information contained in the certificate. An authentication certificate is created when a CA uses its own private key to digitally sign (i.e. hash and encrypt) an individual's public key along with certain of the individual's indentifying information (name, location etc.) and certain information regarding the certificate itself (issuer, expiration date etc.). The act of digitally signing by the CA makes a certificate substantially tamper-proof such that further protection is not needed. The intent of the certificate is to reliably associate (bind) a user's identity to the user's public cryptographic key.        Each authentication certificate includes the following critical information needed in the signing and verification processes: a version number, a serial number, an identification of the Certification Authority (CA) that issued the certificate, identifications of the issuer's hash and digital signature algorithms, a validity period, a unique identification of the user who owns the certificate, and the user's public cryptographic signature verification key. Certificate extensions can also be used as a way of associating additional attributes with users or public keys, and for managing the public key infrastructure certificate hierarchy. Guidance for using extensions is available in the recommendations of ITU X.509v3 (1993)/ISO/IEC 9594 8:1995, “The Directory: Authentication Framework” or in IETF Internet X.509 Public Key Infrastructure Certificate and CRL Profile<draft-ietf-pkix-ipki-part1-11>.        An individual's authentication certificate is advantageously and preferably appended to an electronic document that the individual has digitally signed with the individual's private key so that it is possible to verify the digital signature by decrypting the individual's public key with the known and trusted CA's public key. Alternatively, the certificate may be retrieved from the issuing CA or directory archive.        The “Public Key Infrastructure (PKI)” is the hierarchy of CA's responsible for issuing authentication certificates and certified cryptographic keys used for digitally signing and encrypting information objects. Certificates and certification frameworks are described in C. R. Merrill, “Cryptography for Commerce—Beyond Clipper”, The Data Law Report, vol. 2, no. 2, pp. 1, 4 11 (September 1994) and in the X.509 specification, which are expressly incorporated herein by reference.        A “multimedia signature block” is a data element that holds at least one electronic signature, and appropriate identification and use information. A multimedia signature block includes at least signer information (typed name), signer's electronic signature, hash computed over the information object and electronic signature, signature placement information and the signer intent.        Multimedia signatures are those electronic signatures that are not renderable in human readable form.        An electronic “wrapper” is a “container” used to securely hold and associate electronic signatures with part or all of one or more electronic information objects contained therein. Wrappers may take the form of any open standard enveloping or information object (document) formatting schemas. Two examples are the RSA's Public Key Cryptographic Standard (PKCS) #7 and the World Wide Web Consortium's (W3C) Extensible Markup Language (XML-DSig) Digital Signature Syntax and Processing Recommendation. The RSA PKCS #7 standard supports zero, one, and multiple parallel and serial digital signatures (cosign and countersign). PKCS #7 supports authenticated and unauthenticated attributes that are associated with the signature block. A signer's digital signature is usually computed over the hash of the information object and authenticated data. An unauthenticated attribute is not protected.        Exemplary wrapper formats include IETF's Privacy Enhanced Mail (PEM), IETF's Secure/Multipurpose Internet Mail Extensions (S/MIME); W3C's HyperText Markup Language (HTML), Extensible Hypertext Markup Language (XHTML) and Extensible Forms Description Language (XFDL), and Adobe's Portable Document Format (PDF). Any of these wrapper formats can be applied recursively and markup languages extended to provide signature and protection layering.        